Technical Security Governance Manager

Company Overview

Docusign brings agreements to life. Over 1.5 million customers and more than a billion people in over 180 countries use Docusign solutions to accelerate the process of doing business and simplify people's lives. With intelligent agreement management, Docusign unleashes business-critical data that is trapped inside of documents. Until now, these were disconnected from business systems of record, costing businesses time, money, and opportunity.

Using Docusign's Intelligent Agreement Management platform, companies can create, commit, and manage agreements with solutions created by the #1 company in e-signature and contract lifecycle management (CLM).

The Technical Security Governance Manager plays an important role in helping evolve our governance model from policy-driven to technically prescriptive. This role blends governance knowledge with technical acumen to ensure that security policies and controls are implementable, measurable, and effective. You will contribute to defining security controls, translating policies into actionable engineering requirements, and supporting the integration of governance into systems and processes.

Working closely with engineering, compliance, and risk management teams, you will help improve control adoption, strengthen security posture, and reduce friction between governance intent and technical execution.

This position is an individual contributor role reporting to the Director of Security Governance.

• Support the development, maintenance, and refinement of enterprise-wide security policies, standards, and control objectives
• Contribute to aligning policies with frameworks (e.g., ISO, SOC 2, NIST, PCI, FedRAMP) and regulatory requirements
• Assist in keeping security policies and standards current, practical, and risk-aligned
• Define and document controls with both policy and technical input, ensuring they are implementable and measurable
• Partner with engineering to help embed controls into systems, CI/CD pipelines, and operational processes
• Support policy education and adoption programs to drive awareness and compliance across the organization
• Help design processes that integrate policy-driven controls into engineering ways of working
• Collaborate with compliance and risk teams to track and monitor control effectiveness
• Utilize technical tooling (e.g., GRC systems, automation dashboards) to provide visibility into control implementation
• Participate in technical assurance efforts to identify implementation gaps before they become audit findings

Hybrid: Employee divides their time between in-office and remote work. Access to an office location is required. (Frequency: Minimum 2 days per week; may vary by team but will be weekly in-office expectation)

Positions at Docusign are assigned a job designation of either In Office, Hybrid or Remote and are specific to the role/job. Preferred job designations are not guaranteed when changing positions within Docusign. Docusign reserves the right to change a position's job designation depending on business needs and as permitted by local law.

Basic

• 5+ years of experience in security governance, GRC, or security engineering, with at least 3 years in a technical security role
• University degree in Computer Science, Information Systems, or related field, or equivalent work experience
• Knowledge of security frameworks and standards (e.g., ISO 27001, SOC 2, NIST CSF, PCI DSS, FedRAMP)
• Experience helping define and embed security controls into engineering workflows, CI/CD pipelines, or infrastructure
• Familiarity with security tooling, GRC platforms, and automation frameworks

Preferred

• One or more certifications such as Security+, CISA, CISM, or CISSP
• Experience working in cloud environments (AWS, GCP, Azure) with exposure to infrastructure-as-code practices
• Understanding of Dev Sec Ops , security automation, and control validation techniques
• Experience supporting cross-functional initiatives involving engineering, compliance, and product teams
• Proactive, demonstrated self-starter, open to learning new security topics, flexible and organized
• Strong collaboration and communication skills with both technical and non-technical audiences
• Solid documentation and reporting abilities
• Strong understanding of information security concepts, processes, and controls

Pay for this position is based on a number of factors including geographic location and may vary depending on job-related knowledge, skills, and experience.

Based on applicable legislation, the below details pay ranges in the following locations:

California: $ - $ base salary

Illinois, Colorado, Massachusetts and Minnesota: $ - $ base salary

Washington, Maryland, New Jersey and New York (including NYC metro area): $ - $ base salary

This role is also eligible for the following:

• Bonus:
  Sales personnel are eligible for variable incentive pay dependent on their achievement of pre-established sales goals. Non-Sales roles are eligible for a company…